With the explosive growth in mobile devices, wireless data rates and mobile-based software applications (aka “apps”), the security and privacy needs of the user of wireless devices such as smartphones, tablet computers, and wireless LAN-equipped netbooks, laptop portable computers or voice-over-IP phones with nomadic capabilities have been overlooked.
In the rush to establish and gain market share, device manufacturers modified existing operating systems (e.g. UNIX, LINUX, Microsoft Windows, POSIX, NeXT, BSD) and added hardware subsystems and sensors (e.g. cameras, accelerometers, GPS receivers, infrared transceivers, Wi-Fi transceivers, Bluetooth transceivers, and digital signal processors) without due consideration to the unique security and privacy situation of a device as private and personal as a wireless device.
The existing security models of the operating systems were designed to preserve system integrity and data integrity, but not designed with the mobility and network access inherent in wireless devices. As such the existing separation of the operating system for user-level applications and the sandboxing of application from each other do not prevent leakage of private information from the wireless device. The present Operating System (OS) security model provides ample opportunity for the infiltration of mal-ware and virus-like applications. Also, the OS security model provides no protection against commercial leakage of private data by carriers, App providers, Operating System makers or OEMs intent on selling or using customer private data or infiltration of malware at the OS maker, carrier, or OEM levels.
As can be seen, the simplistic, all- or nothing security settings of wireless devices and the narrow legislation that provides penalties for only the most egregious offenders (if the identity of the offender can ever be discovered), are a poor substitute for active user control of the formation and dissemination of personal information. For example, the “Location Privacy Protection Act of 2011” (Senate bill. 1223) was a narrowly-tailored location-only bill that would require any company that may obtain a customer's location information via smartphone or other mobile device to get that customer's express consent before obtaining and sharing, selling or renting location data. The bill also would create focused criminal penalties for the worst abusers of location technology, including the knowing and intentional use of so-called “stalking apps” to violate federal anti-stalking and domestic violence laws.
Therefore what is needed is a system and method for enhanced security and privacy of a device to protect a user, which applies to operating systems, including; Android, iOS, Windows Mobile, Blackberry, Symbian, PalmOS, Firefox OS and Ubuntu Mobile/Ubuntu for devices. The Android-based model discussed is an exemplary but not exclusive environment in which the present invention may be used.